Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Nzqw?

While analyzing malware samples submitted to VirusTotal, our team encountered the Nzqw ransomware, a member of the Djvu family. When a computer becomes compromised, Nzqw encrypts a range of files and appends the ".nzqw" extension to their original filenames. For instance, a file named "1.jpg" would be transformed into "1.jpg.nzqw", and "2.png" would become "2.png.nzqw", and so on.

In addition to encrypting files, Nzqw generates a ransom note presented as a text file named "_readme.txt". Moreover, the distribution of Nzqw may involve collaboration with information-stealing malware such as Vidar and RedLine.

What kind of malware is Nztt?

While examining malware samples submitted to VirusTotal, our team came across the Nztt ransomware, a variant linked to the Djvu family. Once a computer is compromised, Nztt encrypts various files and adds the ".nztt" extension to their initial filenames. For example, a file named "1.jpg" transforms into "1.jpg.nztt", and "2.png" changes to "2.png.nztt", and so forth.

Apart from its file encryption capability, Nztt also generates a ransom note presented as a text file named "_readme.txt". Furthermore, the distribution of Nztt may encompass cooperation with information-stealing malware such as Vidar and RedLine.

What kind of application is ContentRanger?

Our research team discovered the ContentRanger application during a routine investigation of new submissions to the VirusTotal site. After analyzing this app, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family.

What kind of email is "USPS - Your Package Is Waiting For Delivery"?

After examining the "USPS - Your Package Is Waiting For Delivery" email, we determined that it is fake. This spam letter claims that the recipient has outstanding delivery fees and redirects them to a fraudulent USPS website. This phishing site records provided information.

It must be stressed that this mail is in no way associated with the actual USPS (United States Postal Service), nor are any of its claims true.

What kind of malware is DontCryLol?

While investigating new submissions to the VirusTotal website, our researchers discovered DontCryLol – a ransomware-type program identical to Ransomwarebit and Backshow. This malware encrypts data and demands ransoms for its decryption.

On our test machine, DontCryLol encrypted files. To their filenames, the ransomware added a string following this pattern – "_[ID-[victim's_ID]_Mail-dontcrylol@mailfence.com].[random_extension]". For example, a file initially titled "1.jpg" appeared as "1.jpg_[ID-09XQU_Mail-dontcrylol@mailfence.com].KCB".

Once the encryption process was concluded, DontCryLol created identical ransom notes in a pop-up window ("ReadMe.hta") and text file ("Restore_Your_Files.txt"). These messages indicate that this ransomware utilizes double-extortion tactics.

What kind of email is "Updated Terms of Use"?

After inspecting the "Updated Terms of Use" email, we determined that it is malspam. This mail is presented as a notification from Zilliow – a tech real-estate marketplace company – informing the recipient of updates to the Terms of Use updates. This email aims to trick recipients into opening the malicious attachment.

It must be emphasized that all the claims made by this spam mail are false, and it is in no way associated with Zillow Group, Inc.

What kind of application is ExplorationSprint?

ExplorationSprint is an adware-type application that our research team discovered while inspecting new file submissions to VirusTotal. This app is part of the AdLoad malware family. ExplorationSprint operates by feeding users with unwanted and potentially malicious ads.

What kind of application is Quick tail?

During our examination of the Quick tail application, we observed its ability to manipulate web browsers by implementing specific modifications to their settings. These types of applications fall under the category of browser hijackers. Usually, browser hijackers are promoted and distributed using deceptive techniques.

What kind of malware is Kmrox?

While investigating new submissions to VirusTotal, our researchers discovered another Phobos ransomware called Kmrox. Malware within the ransomware category is designed to encrypt data and demand payment for its decryption.

On our testing machine, Kmrox encrypted files and changed their filenames. Original titles were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".kmrox" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3489].[exezez@blaze420.it].kmrox", and so on. Afterwards, ransom notes were created in a pop-up window ("info.hta") and text file ("info.txt").

What kind of malware is Payola?

Payola is ransomware designed to encrypt data, append the ".Payola" extension to filenames, change the desktop wallpaper, and create a ransom note ("Recovery_Guide.html"). An example of how Payola renames files: it changes "1.jpg" to "1.jpg.Payola", "2.png" to "2.png.Payola", and so forth.